user authentication

Anon

I have added users into my mysql database using
$password = "mypassword";

$secure_password = md5($password);
mysql_connect(etc...etc...)
INSERT INTO dbname etc...

Anyway, that all works fine, but now I want to authenticate users securely using my login page.

My fields are user_name & user_pass. I have connected to my database but can't authenticate users correctly.

I have tried...

$access_password = md5($user_pass);

if($user_pass == "username" && $access_password == "password"); but to no avail!

Suggestions and help appreciated

Thanks

Anon

$query = select * from db_table where user_name = '$username' AND user_pass = '$userpass'";
mysql_result = mysql_query(you know);
if(mysql_affected_rows() == 0)
{
print("<h1>401 Unauthorized</h1>");
}
else
{
//do your thing
}

will this work?

there's lots of suggestions but it depends on exactly what you are trying to accomplish.

Anon

Yeah, that would work except for one thing...

"WHERE user_name = '$username' AND user_pass = '$userpass'...."

needs to be:

user_pass = PASSWORD('$userpass')

you should pass it through the MySQL password filtering when you SET UP and AUTHORIZE the user.

other than that, that little authorization script would work ok..

regards,
dan

trooper

One point here

You should really be saying

$query = select * from db_table where user_name = '$POST[username]' AND user_pass = '$POST[userpass]'";

If you don't then i could simply try and appnd those variables onto the end of the query string and may actually get lucky.